codonaft
diff --git a/‎_config.i2p.yml‎
Lines changed: 10 additions & 0 deletions b/‎_config.i2p.yml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎_config.tor.yml‎
Lines changed: 11 additions & 0 deletions b/‎_config.tor.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎_config.yml‎
Lines changed: 11 additions & 0 deletions b/‎_config.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎_do.cr‎
Lines changed: 126 additions & 3 deletions b/‎_do.cr‎
Lines changed: 126 additions & 3 deletions
diff --git a/‎_hosts/media.codonaft/etc/init.d/rnostr‎
Lines changed: 2 additions & 1 deletion b/‎_hosts/media.codonaft/etc/init.d/rnostr‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎_hosts/media.codonaft/etc/local.d/90-inotify-extra.start‎
Lines changed: 12 additions & 12 deletions b/‎_hosts/media.codonaft/etc/local.d/90-inotify-extra.start‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎_hosts/media.codonaft/etc/nginx/http.d/media.conf‎
Lines changed: 84 additions & 0 deletions b/‎_hosts/media.codonaft/etc/nginx/http.d/media.conf‎
Lines changed: 84 additions & 0 deletions
@@ -4,3 +4,13 @@ theme_settings:
   p2p_player:
     media_urls_overwrite:
     - http://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p
+  nostr:
+    spam_api_overwrite: http://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr/spam.nostr.band/spam_api
+    profile_relays_overwrite:
+    - ws://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr/purplepag.es
+    - ws://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr/hist.nostr.land
+    relays_overwrite:
+    - ws://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr
+    read_cache_relays_overwrite:
+    - ws://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr
+    - ws://codnaft43k7ncna2hfsxrzi2nqoxieu22vbyjkmhkwdrrta2ghlq.b32.i2p/nostr/relay.primal.net
@@ -4,3 +4,14 @@ theme_settings:
   p2p_player:
     media_urls_overwrite:
     - http://codonaftct3jsouvfyrjq4yumyngzv3el2msndf5oddccktgghnw7eyd.onion
+  nostr:
+    spam_api_overwrite: http://codonaftct3jsouvfyrjq4yumyngzv3el2msndf5oddccktgghnw7eyd.onion/nostr/spam.nostr.band/spam_api
+    profile_relays_overwrite:
+    - wss://purplepag.es
+    - wss://hist.nostr.land
+    relays_overwrite:
+    - ws://oxtrdevav64z64yb7x6rjg4ntzqjhedm5b5zjqulugknhzr46ny2qbad.onion
+    - ws://gnostr2jnapk72mnagq3cuykfon73temzp77hcbncn4silgt77boruid.onion
+    read_cache_relays_overwrite:
+    - ws://codonaftct3jsouvfyrjq4yumyngzv3el2msndf5oddccktgghnw7eyd.onion/nostr
+    - ws://codonaftct3jsouvfyrjq4yumyngzv3el2msndf5oddccktgghnw7eyd.onion/nostr/relay.primal.net
@@ -126,16 +126,27 @@ theme_settings:
   zapthreads: true
 
   nostr:
+    enabled: true
     npub: npub1alptdev5srcw2hxg03567p4k6xs3lgj7f6545suc0rzp0xw98svse7rg94
     community: codonaft
     max_comment_length: 5000
     min_read_pow: 7
+
+    spam_api: https://spam.nostr.band/spam_api
+    profile_relays:
+    - wss://purplepag.es
+    - wss://hist.nostr.land
     relays:
     - wss://nostr-pub.wellorder.net
     - wss://relay.nostr.band
     read_cache_relays:
     - wss://relay.primal.net
 
+    spam_api_overwrite: ''
+    profile_relays_overwrite: []
+    relays_overwrite: []
+    read_cache_relays_overwrite: []
+
   special_page:
     search:
       icon: search # Assuming page link and icon are the same
 
@@ -12,7 +12,7 @@ require "json"
 require "uri"
 require "yaml"
 
-DEBUG = ARGV.empty? || !["sync", "build", "deploy", "health"].includes?(ARGV[0])
+DEBUG = ARGV.empty? || !["sync", "sync-nostr", "build", "deploy", "health"].includes?(ARGV[0])
 TRACE = ENV["TRACE"]? == "1"
 
 WILDCARD_HOST = "0.0.0.0"
@@ -74,6 +74,9 @@ def main
   elsif ARGV.size == 1 && ARGV[0] == "sync"
     check
     sync
+  elsif ARGV.size >= 1 && ARGV[0] == "sync-nostr"
+    profiles = ARGV.size > 1 && ARGV[1] == "profiles"
+    sync_nostr(config, profiles: profiles, output_relays: ["ws://localhost:7777", "wss://nostr.codonaft.com", "wss://purplepag.es", "wss://nostr.oxtr.dev", "wss://nostr.girino.org"])
   elsif ARGV.size == 1 && ARGV[0] == "health"
     check
     health(config)
@@ -126,6 +129,10 @@ def usage
            download newest non-conflicting versioned files to _ohmyvps and _hosts
            upload newest files from _ohmyvps, _hosts and .build
 
+       #{script} sync-nostr [profile]
+         fetch nostr events, push them to my relays
+         don't send events to profile-specific relays by default
+
        #{script} health
          run health checks
 
@@ -392,6 +399,10 @@ def health(config)
   end
   step("health")
 
+  all_hosts().each { |host| ssh(host, ["sudo /etc/init.d/nginx checkconfig"], tty: true) }
+
+  warn("github commit hash is different\n") unless JSON.parse(HTTP::Client.get("https://api.github.com/repos/codonaft/codonaft.github.io/commits").body)[0]["sha"].as_s == `git rev-parse HEAD`.strip
+
   banlists =
     if nonempty_exists?(BANLISTS) && File.info(BANLISTS).modification_time + 1.days > Time.utc
       File.read_lines(BANLISTS).to_set
@@ -461,7 +472,7 @@ def health(config)
     .map { |i| i.strip }
     .reject { |i| i.empty? }
     .map { |i| URI.parse(i) }
-    .reject { |i| i.hostname.nil? || i.hostname == "127.0.0.1" } + relay_mirrors
+    .reject { |i| i.hostname.nil? || i.hostname == "localhost" } + relay_mirrors
   wss_uris = (trackers + other_relays + `git grep --only-matching 'wss://[a-zA-Z0-9/._-]*'`
     .split('\n')
     .map { |i| i.strip.gsub(/.*wss:\/\//, "") }
@@ -714,7 +725,6 @@ def check
   step("check")
 
   ps = processes()
-
   current_ps_name = "/#{Path[__FILE__].basename}"
   raise "other instance keeps running" if ps
                                             .select { |(_, i)| i.includes?("crystal") && i.includes?(current_ps_name) }
@@ -723,6 +733,8 @@ def check
   puts("checking dependencies")
   system("which bsdtar bundle css-minify node pnpm podman rsync scour svgcleaner svgo uglifyjs wget >>/dev/null")
   raise "missing deps, run: cd && npm install 'css-minify@2.0.0' 'svgo@3.3.2' && USE='lz4 xxhash zstd' emerge '=app-arch/libarchive-3.7.9' '=app-arch/unzip-6.0_p27-r1' '=app-containers/podman-5.3.2' '=dev-ruby/bundler-2.4.22' '=dev-lang/crystal-1.16.1' '=dev-util/uglifyjs-3.16.1' '=media-gfx/scour-0.38.2-r1' '=media-sound/opus-tools-0.2-r1' '=media-libs/libwebp-1.4.0' '=media-video/mediainfo-24.11' '=net-dns/bind-tools-9.18.0-r1' '=net-libs/nodejs-22.13.1' '=net-misc/rsync-3.4.1' '=net-misc/wget-1.25.0' '=sys-apps/pnpm-bin-9.6.0' && cargo install --locked 'svgcleaner@0.9.5' 'websocat@1.13.0'" unless $?.success?
+  system("podman ps >>/dev/null")
+  raise "podman failed" unless $?.success?
 
   system(<<-STRING
     set -euo pipefail
@@ -1120,6 +1132,117 @@ def check_manual_upload(host : String, *, owner : String, group : String, mode :
   end
 end
 
+def sync_nostr(config, *, profiles : Bool, output_relays : Array(String))
+  # TODO: do the same thing as cron bash job that uses rust nostr cli client? connect to relays over tor?
+
+  limit = 100
+  now = Time.utc
+  from = now - 3.years # TODO: last commit date? last blog date? previous blog date?
+  to = now + 15.minutes
+  profile_kinds = [0, 3, 10002]
+
+  nostr_config = config["theme_settings"]["nostr"]
+  npub = nostr_config["npub"].as_s
+  pk = JSON.parse(`nak decode #{npub}`)["pubkey"].as_s
+
+  profile_relays = nostr_config["profile_relays"].as_a.map { |i| i.as_s }
+  relays = nostr_config["relays"].as_a.map { |i| i.as_s }
+  read_cache_relays = nostr_config["read_cache_relays"].as_a.map { |i| i.as_s }
+  input_relays : Array(String) = relays + read_cache_relays + profile_relays
+
+  step("sync-nostr")
+  trace("pk=#{pk} input_relays=#{input_relays} output_relays=#{output_relays}")
+
+  nak = "nak req --limit #{limit} --since #{from.to_unix} --until #{to.to_unix}"
+
+  mentions = parse_nostr_events(`#{nak} -p #{pk} #{input_relays.join(' ')}`)
+    .reject { |i|
+      return false unless i["tags"].as_a.any? { |t| t.size > 1 && t[0] == "p" && t[1] == pk }
+      k = i["kind"].as_i
+      [3, 1984, 4454].includes?(k) || (k >= 5000 && k <= 7000) || (k >= 10000 && k <= 10102) || (k >= 20000 && k < 30000) || (k >= 30000 && k <= 30267)
+    }
+  puts("fetched #{mentions.size} mentions")
+
+  parsed_authored_events = parse_nostr_events(`#{nak} -a #{pk} #{input_relays.join(' ')}`)
+  authored_events = parsed_authored_events
+    .reject { |i|
+      return false unless i["pubkey"].as_s == pk
+      k = i["kind"].as_i
+      [4454, 10044].includes?(k) || (k >= 20000 && k < 30000)
+    }
+  puts("fetched #{authored_events.size} authored events")
+
+  puts("writing events")
+  nak_raw(["event"] + output_relays, (mentions + authored_events).map { |i| i.to_json })
+
+  if profiles
+    # TODO: check spam
+    fetch_comments_command = ([nak, "-k", "1", "-p", pk] + input_relays).join(' ')
+    trace(fetch_comments_command)
+    comments_pks = parse_nostr_events(`#{fetch_comments_command}`)
+      .select { |i| i["kind"].as_i == 1 && i["pubkey"].as_s != pk }
+      .map { |i| i["pubkey"].as_s }.to_set
+    request_profiles_command = (
+      [nak, "--since", "0", "-k", "0"] + comments_pks.map { |i| "-a #{i}" } + input_relays
+    ).join(' ')
+    trace(request_profiles_command)
+    comments_profile_events = parse_nostr_events(`#{request_profiles_command}`)
+      .select { |i| i["kind"].as_i == 0 }
+      .group_by { |i| i["pubkey"].as_s }
+      .reject { |p, _| p == pk }
+      .map { |_, g| g.max_by { |i| i["created_at"].as_i } }
+    puts("profile events of commenters = #{comments_profile_events.size}")
+
+    request_author_profile_events_command = (
+      [nak, "--since", "0", "-a", pk] + profile_kinds.map { |k| "-k #{k}" } + input_relays
+    ).join(' ')
+    trace(request_author_profile_events_command)
+    author_profile_events = parse_nostr_events(`#{request_author_profile_events_command}`)
+      .select { |i| profile_kinds.includes?(i["kind"].as_i) }
+    puts("author profile events = #{author_profile_events.size}")
+    nak_raw(["event"] + profile_relays, (comments_profile_events + author_profile_events).map { |i| i.to_json })
+  end
+  puts("finished writing events")
+end
+
+def nak_raw(args, input : Array(String) = [] of String)
+  # TODO: exit after timeout
+  output = Channel(Tuple(String, Process::Status)).new
+  trace("running nak #{args}")
+  spawn do
+    value = Process.run(command: "nak", args: args) do |p|
+      input.each do |line|
+        trace("writing stdin")
+        p.input.puts(line)
+        trace("writing stdin ok")
+      end
+      trace("closing stdin")
+      p.input.close
+      trace("closed stdin")
+      trace("reading stdout")
+      result = p.output.gets_to_end
+      trace("finished reading stdout")
+      result
+    end
+    trace("sending stdout")
+    output.send({value.strip, $?})
+    trace("sent stdout")
+  end
+  trace("waiting for stdout")
+  value, status = output.receive
+  trace("received stdout")
+  raise "#{args}: unexpected exit code #{status}, value=#{value}" unless status.success?
+  value
+end
+
+def parse_nostr_events(text)
+  text
+    .split('\n')
+    .reject { |i| i.strip.empty? }
+    .to_set
+    .map { |i| JSON.parse(i) }
+end
+
 def processes
   Dir.entries("/proc")
     .select { |entry| entry =~ /^\d+$/ }
 
@@ -5,7 +5,8 @@ name="rnostr"
 command="/usr/local/bin/${name}"
 command_user="${name}:${name}"
 command_background="true"
-command_args="relay --watch -c /etc/${name}/${name}.toml"
+command_args="relay -c /etc/${name}/${name}.toml"
+retry="60"
 
 pidfile="/run/${name}.pid"
 output_logger="logger"
 
@@ -1,24 +1,24 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 
 [ -f /etc/init.d/aquatic_ws ] && [ -d /var/www ] && \
-  inotifywait --event close_write,moved_to,create --monitor --recursive /etc/aquatic/ /etc/init.d/ /var/www/ |
+  inotifywait --event close_write,moved_to,create --monitor --recursive /etc/aquatic/ /var/www/ |
     while read -r directory events filename ; do
-      if [[ "${filename}" == "aquatic_ws.conf" || "${filename}" == "aquatic_ws" || "${filename}" == *".m3u8" ]] ; then
+      if [[ "${filename}" == "aquatic_ws.conf" || "${filename}" == *".m3u8" ]] ; then
         rc-service --ifstarted aquatic_ws reload 2>>/dev/stdout | logger
       fi
     done &
 
-[ -f /etc/init.d/broadcastr ] && inotifywait --event close_write,moved_to,create --monitor --recursive /etc/broadcastr/ /etc/conf.d/ |
+[ -f /etc/init.d/broadcastr ] && inotifywait --event close_write,moved_to,create --monitor --recursive /etc/broadcastr/ |
   while read -r directory events filename ; do
-    if [[ "${filename}" == *".json" || "${filename}" == "broadcastr" ]] ; then
+    if [[ "${filename}" == *".json" ]] ; then
       rc-service --ifstarted broadcastr restart 2>>/dev/stdout | logger
     fi
   done &
 
-# using rnostr relay --watch for now, however it's unclear whether it's working correctly
-# [ -f /etc/init.d/rnostr ] && inotifywait --event close_write,moved_to,create --monitor --recursive /etc/rnostr/ |
-#   while read -r directory events filename ; do
-#     if [[ "${filename}" == "rnostr.toml" ]] ; then
-#       rc-service --ifstarted rnostr restart 2>>/dev/stdout | logger
-#     fi
-#   done &
+# rnostr relay --watch does nothing (probably under load only)
+[ -f /etc/init.d/rnostr ] && inotifywait --event close_write,moved_to,create --monitor --recursive /etc/rnostr/ |
+  while read -r directory events filename ; do
+    if [[ "${filename}" == "rnostr.toml" ]] ; then
+      rc-service --ifstarted rnostr restart 2>>/dev/stdout | logger
+    fi
+  done &
@@ -64,6 +64,10 @@ server {
   }
 
   location ~ \.(m3u8|mp4|ts|vtt|webp)$ {
+    if ($http_origin != $origin) {
+      return 404;
+    }
+
     add_header "Access-Control-Allow-Origin" $origin always;
 
     add_header Cache-Control "public, max-age=31536000, immutable";
@@ -132,6 +136,10 @@ server {
   ignore_invalid_headers on;
 
   location ~ \.(m3u8|mp4|ts|vtt|webp)$ {
+    if ($http_origin != $origin) {
+      return 404;
+    }
+
     add_header "Access-Control-Allow-Origin" $origin always;
 
     add_header Cache-Control "public, max-age=31536000, immutable";
@@ -167,4 +175,80 @@ server {
 
     proxy_pass http://localhost:6666/;
   }
+
+  location /nostr/relay.primal.net {
+    if ($http_origin != $origin) {
+      return 404;
+    }
+
+    resolver 9.9.9.9 1.1.1.1 ipv6=off valid=300s;
+
+    proxy_hide_header "Host";
+    proxy_set_header "Host" "relay.primal.net";
+    proxy_hide_header "Access-Control-Allow-Origin";
+
+    proxy_http_version 1.1;
+    proxy_connect_timeout 10m;
+    proxy_socket_keepalive on;
+    proxy_send_timeout 365d;
+    proxy_read_timeout 365d;
+
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    proxy_ssl_server_name on;
+    set $target https://relay.primal.net/;
+    proxy_pass $target;
+  }
+
+  location ~ /nostr/(hist\.nostr\.land|purplepag\.es)$ {
+    if ($http_origin != "http://codonaft.i2p") {
+      return 404;
+    }
+
+    resolver 9.9.9.9 1.1.1.1 ipv6=off valid=300s;
+
+    proxy_hide_header "Host";
+    proxy_set_header "Host" $1;
+    proxy_hide_header "Access-Control-Allow-Origin";
+
+    proxy_http_version 1.1;
+    proxy_connect_timeout 10m;
+    proxy_socket_keepalive on;
+    proxy_send_timeout 365d;
+    proxy_read_timeout 365d;
+
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    proxy_ssl_server_name on;
+    set $target https://$1/;
+    proxy_pass $target;
+  }
+
+  location ~ /nostr/(spam\.nostr\.band/spam_api.*)$ {
+    if ($http_origin != $origin) {
+      return 404;
+    }
+
+    resolver 9.9.9.9 1.1.1.1 ipv6=off valid=300s;
+
+    proxy_hide_header "Host";
+    proxy_set_header "Host" "spam.nostr.band";
+    proxy_hide_header "Access-Control-Allow-Origin";
+    add_header "Access-Control-Allow-Origin" $origin always;
+
+    add_header Cache-Control "public, max-age=86400";
+    expires 86400s;
+
+    proxy_http_version 1.1;
+    proxy_connect_timeout 10m;
+    proxy_socket_keepalive on;
+    proxy_send_timeout 10m;
+    proxy_read_timeout 10m;
+
+    proxy_ssl_server_name on;
+    set $target https://$1$is_args$args;
+    proxy_pass $target;
+  }
 }